Message-ID: <20130801004940.GA20323@brightrain.aerifal.cx>
Date: Wed, 31 Jul 2013 20:49:40 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Solving the recursive memcpy/memset/etc. issue

OK, so now that it's hit us for real, what should we do about GCC
generating code for memcpy, memset, etc. which might contain infinite
recursion? Aside from the ARM issue (which was separate), we know the
option causing this bad code generation, and it can be disabled via
-fno-tree-loop-distribute-patterns. However, if GCC policy is that
they consider the compiler entitled to generate calls to
memcpy/memset/memmove/memcmp whenever it wants, then we're just going
to be playing whack-a-mole.

The only fully viable option I see is replacing the code for these
functions with code that uses volatile objects so as to make
optimization utterly impossible. This will of course make them
incredibly slow, but at least we would have safe, working C code, and
we could add asm for each supported arch.

An alternative might be to test the compiler in configure to determine
if, with the selected CFLAGS, it generates recursive code for these
functions, and if so, defining a macro that causes musl to revert to
the volatile code.

Other ideas? For now, if -fno-tree-loop-distribute-patterns fixes it
(still waiting on confirmation for this) I'm going to commit that to
configure, but it doesn't seem like a viable long-term solution.

My ideal outcome would be a promise from the GCC developers that, in
future GCC versions, -ffreestanding implies disabling any options
which would generate calls to the mem* functions. However that sounds
unlikely.

Rich
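
The configure-time test suggested in the message could look like the following sketch. This is an added example, not code from the message or from musl's configure; the function names `calls_symbol`, `memset_is_recursive` and `sample_asm` are hypothetical, and the assembly printed by `sample_asm` is constructed rather than real compiler output.

```shell
#!/bin/sh
# calls_symbol ASMFILE SYMBOL: exit 0 if an instruction line in ASMFILE has
# SYMBOL as a whole operand ("call memset@PLT", "jmp memset", "bl memset").
# Directives (".globl memset") and labels ("memset:") are skipped.
# Assumes compiler -S output with no trailing comments on instruction lines.
calls_symbol() {
    awk -v sym="$2" '
        $1 ~ /^\./ || $1 ~ /:$/ { next }
        {
            for (i = 2; i <= NF; i++) {
                t = $i
                gsub(/,/, "", t); sub(/@PLT$/, "", t); sub(/\(PLT\)$/, "", t)
                if (t == sym) { found = 1; exit }
            }
        }
        END { exit !found }
    ' "$1"
}

# memset_is_recursive: compile a plain byte-loop memset with $CC $CFLAGS and
# exit 0 if the compiler turned the loop into a call to memset itself.
# Exit 1 means no self-call was found, 2 means the probe did not compile.
memset_is_recursive() {
    tmp=$(mktemp -d) || return 2
    cat > "$tmp/probe.c" <<'EOF'
#include <stddef.h>
void *memset(void *dest, int c, size_t n)
{
    unsigned char *s = dest;
    while (n--) *s++ = c;
    return dest;
}
EOF
    if ${CC:-cc} $CFLAGS -S -o "$tmp/probe.s" "$tmp/probe.c"; then
        rc=0; calls_symbol "$tmp/probe.s" memset || rc=$?
    else
        rc=2
    fi
    rm -rf "$tmp"
    return $rc
}

# Constructed x86-64 assembly standing in for compiler output.
sample_asm() {
    printf 'memset:\n'
    if [ "$1" = recursive ]; then printf '\tjmp\tmemset@PLT\n'; fi
    printf '.L3:\n\tmovb\t%%sil, (%%rax)\n\tret\n\t.size\tmemset, .-memset\n'
}
```

A configure script would call `memset_is_recursive` once with the selected CFLAGS and, on exit status 0, define the macro that selects the volatile fallback.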
